Giovanni Bajo
2013-10-20 35533c362218f556c7f7a1bea3a62702ca1359c6
Allow HTTP authentication without password.

This makes the plugin useful for any form of webserver-based
authentication (CAS, SAML, etc.); of course, other plugins will
have to be installed to handle connections to the IMAP/SMTP
servers, but at least they don't need to duplicate the basic
HTTP authentication functionality.
1 files modified
10 ■■■■■ changed files
plugins/http_authentication/http_authentication.php 10 ●●●●●
plugins/http_authentication/http_authentication.php
@@ -29,7 +29,7 @@
    function startup($args)
    {
        if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
        if (!empty($_SERVER['PHP_AUTH_USER'])) {
            $rcmail = rcmail::get_instance();
            $rcmail->add_shutdown_function(array('http_authentication', 'shutdown'));
@@ -38,7 +38,8 @@
                $args['action'] = 'login';
            }
            // Set user password in session (see shutdown() method for more info)
            else if (!empty($_SESSION['user_id']) && empty($_SESSION['password'])) {
            else if (!empty($_SESSION['user_id']) && empty($_SESSION['password'])
                     && !empty($_SERVER['PHP_AUTH_PW'])) {
                $_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']);
            }
        }
@@ -61,9 +62,10 @@
            return $args;
        }
        if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
        if (!empty($_SERVER['PHP_AUTH_USER'])) {
            $args['user'] = $_SERVER['PHP_AUTH_USER'];
            $args['pass'] = $_SERVER['PHP_AUTH_PW'];
            if (!empty($_SERVER['PHP_AUTH_PW']))
                $args['pass'] = $_SERVER['PHP_AUTH_PW'];
        }
        $args['cookiecheck'] = false;
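Review bot: With the `PHP_AUTH_PW` test dropped from the conditions in `startup()` and in the last hunk, a non-empty `$_SERVER['PHP_AUTH_USER']` alone now triggers the login action and is copied into `$args['user']`, so the user name is accepted with no credential for the mail backend to verify. That is only safe when the web server itself enforces authentication on this location; PHP can fill `PHP_AUTH_USER` from a request's Authorization header even where the server does not require one, and whichever plugin supplies the IMAP/SMTP credentials (not visible here) would then act on an unverified name. I would make the password-less path opt-in through a plugin config option that defaults to off, and state the assumption next to the check, e.g. `// PHP_AUTH_USER without a password is trusted as-is: the web server must enforce authentication for this URL`. In the last hunk the new `if (!empty($_SERVER['PHP_AUTH_PW']))` has no braces, unlike the surrounding code, and when it is false `$args['pass']` keeps whatever value was passed in. Both functions start or end outside the visible hunks.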